CVS commit: pkgsrc/security/pam_ssh_agent_auth

["Nia Alarie" <nia%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   nia
Date:           Sat Apr 10 09:10:11 UTC 2021

Modified Files:
        pkgsrc/security/pam_ssh_agent_auth: Makefile PLIST distinfo
Added Files:
        pkgsrc/security/pam_ssh_agent_auth/patches: patch-Makefile.in
            patch-ssh-ecdsa.c
Removed Files:
        pkgsrc/security/pam_ssh_agent_auth/patches: patch-aa patch-ab patch-ac

Log Message:
pam_ssh_agent_auth: update to 0.10.4

- fixed build with openssl 1.1.
- grabbed some fixes from FreeBSD.
- now uses the new GITHUB_SUBMODULES - thx ryoon!


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 pkgsrc/security/pam_ssh_agent_auth/Makefile
cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/security/pam_ssh_agent_auth/PLIST
cvs rdiff -u -r1.3 -r1.4 pkgsrc/security/pam_ssh_agent_auth/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/security/pam_ssh_agent_auth/patches/patch-Makefile.in \
    pkgsrc/security/pam_ssh_agent_auth/patches/patch-ssh-ecdsa.c
cvs rdiff -u -r1.1.1.1 -r0 \
    pkgsrc/security/pam_ssh_agent_auth/patches/patch-aa \
    pkgsrc/security/pam_ssh_agent_auth/patches/patch-ab \
    pkgsrc/security/pam_ssh_agent_auth/patches/patch-ac

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/pam_ssh_agent_auth/Makefile
diff -u pkgsrc/security/pam_ssh_agent_auth/Makefile:1.9 pkgsrc/security/pam_ssh_agent_auth/Makefile:1.10
--- pkgsrc/security/pam_ssh_agent_auth/Makefile:1.9     Fri Apr 24 11:41:37 2020
+++ pkgsrc/security/pam_ssh_agent_auth/Makefile Sat Apr 10 09:10:11 2021
@@ -1,20 +1,23 @@
-# $NetBSD: Makefile,v 1.9 2020/04/24 11:41:37 nia Exp $
+# $NetBSD: Makefile,v 1.10 2021/04/10 09:10:11 nia Exp $
 
-DISTNAME=      pam_ssh_agent_auth-0.9.2
-PKGREVISION=   2
+DISTNAME=      pam_ssh_agent_auth-0.10.4
 CATEGORIES=    security
-MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=pamsshagentauth/}
-EXTRACT_SUFX=  .tar.bz2
+MASTER_SITES=  ${MASTER_SITE_GITHUB:=jbeverly/}
+GITHUB_TAG=    ${DISTNAME}
 
 MAINTAINER=    agc%NetBSD.org@localhost
-HOMEPAGE=      https://sourceforge.net/projects/pamsshagentauth/
+HOMEPAGE=      https://github.com/jbeverly/pam_ssh_agent_auth
 COMMENT=       PAM module which permits authentication via ssh-agent
 LICENSE=       modified-bsd
 
-BROKEN=                "Fails to build with OpenSSL 1.1"
-
 GNU_CONFIGURE= yes
 USE_TOOLS+=    pod2man
 
+GITHUB_SUBMODULES+=    floodyberry ed25519-donna 8757bd4cd209cb032853ece0ce413f122eef212c ed25519-donna
+
+CONFIGURE_ARGS+=       --without-openssl-header-check
+
+INSTALLATION_DIRS+=    ${PKGMANDIR}/man8
+
 .include "../../security/openssl/buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"

Index: pkgsrc/security/pam_ssh_agent_auth/PLIST
diff -u pkgsrc/security/pam_ssh_agent_auth/PLIST:1.1.1.1 pkgsrc/security/pam_ssh_agent_auth/PLIST:1.2
--- pkgsrc/security/pam_ssh_agent_auth/PLIST:1.1.1.1    Fri Dec 11 19:48:12 2009
+++ pkgsrc/security/pam_ssh_agent_auth/PLIST    Sat Apr 10 09:10:11 2021
@@ -1,3 +1,3 @@
-@comment $NetBSD: PLIST,v 1.1.1.1 2009/12/11 19:48:12 agc Exp $
+@comment $NetBSD: PLIST,v 1.2 2021/04/10 09:10:11 nia Exp $
 libexec/pam_ssh_agent_auth.so
 man/man8/pam_ssh_agent_auth.8

Index: pkgsrc/security/pam_ssh_agent_auth/distinfo
diff -u pkgsrc/security/pam_ssh_agent_auth/distinfo:1.3 pkgsrc/security/pam_ssh_agent_auth/distinfo:1.4
--- pkgsrc/security/pam_ssh_agent_auth/distinfo:1.3     Wed Nov  4 01:18:00 2015
+++ pkgsrc/security/pam_ssh_agent_auth/distinfo Sat Apr 10 09:10:11 2021
@@ -1,9 +1,12 @@
-$NetBSD: distinfo,v 1.3 2015/11/04 01:18:00 agc Exp $
+$NetBSD: distinfo,v 1.4 2021/04/10 09:10:11 nia Exp $
 
-SHA1 (pam_ssh_agent_auth-0.9.2.tar.bz2) = 0f3d9455a8f983907cfad293105cfb16c4a08a0a
-RMD160 (pam_ssh_agent_auth-0.9.2.tar.bz2) = 2ef2a4dbb1f3115751f596629c0518e65500cdf4
-SHA512 (pam_ssh_agent_auth-0.9.2.tar.bz2) = e710a4dff315c8d79c5d5edc4ebe1629a8fc6d09651813fd4792a2021e7c2d5768d6b7e8539801e31b947cc30817f32375d751fc396707fc4f257df4f33cd408
-Size (pam_ssh_agent_auth-0.9.2.tar.bz2) = 237156 bytes
-SHA1 (patch-aa) = a32866ae59734b94c55a3531094bbd6b6d9cdbfc
-SHA1 (patch-ab) = 9ef4711ea6a65a627e581d8905a3a9f8ef0cf202
-SHA1 (patch-ac) = ade7a45c5e42307ee0e9ffbdbd708a6fef64ada0
+SHA1 (floodyberry-ed25519-donna-8757bd4cd209cb032853ece0ce413f122eef212c.tar.gz) = 5cf66843d4f66fea1117bc44a8d4c94eaeeda840
+RMD160 (floodyberry-ed25519-donna-8757bd4cd209cb032853ece0ce413f122eef212c.tar.gz) = bca5b0cb7d314bc72ba37415b557d618d6705b2f
+SHA512 (floodyberry-ed25519-donna-8757bd4cd209cb032853ece0ce413f122eef212c.tar.gz) = 
5e8b838bc66bdb1983e62b0ae969449741a3fb223198bce26fe3a8996e324728e8ba0e5259f9ef3db613fd484db21459e98c39367f7240940bc537210c6d7f63
+Size (floodyberry-ed25519-donna-8757bd4cd209cb032853ece0ce413f122eef212c.tar.gz) = 1169972 bytes
+SHA1 (pam_ssh_agent_auth-0.10.4.tar.gz) = 66dd8274346fd006ff40f525c082cfb701085b5f
+RMD160 (pam_ssh_agent_auth-0.10.4.tar.gz) = d4c02cb47d096ac261d1cb15791483c5c7261f12
+SHA512 (pam_ssh_agent_auth-0.10.4.tar.gz) = caccf72174d15e43f4c86a459ac6448682e62116557cf1e1e828955f3d1731595b238df42adec57860e7f341e92daf5d8285020bcb5018f3b8a5145aa32ee1c2
+Size (pam_ssh_agent_auth-0.10.4.tar.gz) = 307110 bytes
+SHA1 (patch-Makefile.in) = fd95237832ab5a30b38a9544462a124e2fd81a2d
+SHA1 (patch-ssh-ecdsa.c) = edc122ec4ad70d92d507c399775d4c112cf4f10c

Added files:

Index: pkgsrc/security/pam_ssh_agent_auth/patches/patch-Makefile.in
diff -u /dev/null pkgsrc/security/pam_ssh_agent_auth/patches/patch-Makefile.in:1.1
--- /dev/null   Sat Apr 10 09:10:12 2021
+++ pkgsrc/security/pam_ssh_agent_auth/patches/patch-Makefile.in        Sat Apr 10 09:10:11 2021
@@ -0,0 +1,15 @@
+$NetBSD: patch-Makefile.in,v 1.1 2021/04/10 09:10:11 nia Exp $
+
+Do not install manpages to catpage directories.
+
+--- Makefile.in.orig   2019-07-08 16:36:13.000000000 +0000
++++ Makefile.in
+@@ -148,7 +148,7 @@ install: $(CONFIGFILES) $(MANPAGES) $(PA
+ install-files:
+       $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
+       $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
+-      $(INSTALL) -m 644 pam_ssh_agent_auth.8 $(DESTDIR)$(mandir)/$(mansubdir)8/pam_ssh_agent_auth.8
++      $(INSTALL) -m 644 pam_ssh_agent_auth.8 $(DESTDIR)$(mandir)/man8/pam_ssh_agent_auth.8
+       $(INSTALL) -m 755 pam_ssh_agent_auth.so $(DESTDIR)$(libexecdir)/pam_ssh_agent_auth.so
+ 
+ uninstallall: uninstall
Index: pkgsrc/security/pam_ssh_agent_auth/patches/patch-ssh-ecdsa.c
diff -u /dev/null pkgsrc/security/pam_ssh_agent_auth/patches/patch-ssh-ecdsa.c:1.1
--- /dev/null   Sat Apr 10 09:10:12 2021
+++ pkgsrc/security/pam_ssh_agent_auth/patches/patch-ssh-ecdsa.c        Sat Apr 10 09:10:11 2021
@@ -0,0 +1,52 @@
+$NetBSD: patch-ssh-ecdsa.c,v 1.1 2021/04/10 09:10:11 nia Exp $
+
+Fix segfault when handling ECDSA keys
+
+Import patch by Marc Deslauriers from the Ubuntu package of pam_ssh_agent_auth
+
+Ref: https://github.com/jbeverly/pam_ssh_agent_auth/pull/24/files
+     https://github.com/jbeverly/pam_ssh_agent_auth/issues/18
+     https://bugs.launchpad.net/ubuntu/+source/pam-ssh-agent-auth/+bug/1869512
+
+--- ssh-ecdsa.c.orig   2019-07-08 16:36:13.000000000 +0000
++++ ssh-ecdsa.c
+@@ -46,7 +46,7 @@ ssh_ecdsa_sign(const Key *key, u_char **
+     u_int len, dlen;
+     Buffer b, bb;
+ #if OPENSSL_VERSION_NUMBER >= 0x10100005L
+-      BIGNUM *r, *s;
++      BIGNUM *r = NULL, *s = NULL;
+ #endif
+ 
+     if (key == NULL || key->type != KEY_ECDSA || key->ecdsa == NULL) {
+@@ -137,20 +137,27 @@ ssh_ecdsa_verify(const Key *key, const u
+ 
+     /* parse signature */
+     if ((sig = ECDSA_SIG_new()) == NULL)
+-        pamsshagentauth_fatal("ssh_ecdsa_verify: DSA_SIG_new failed");
++        pamsshagentauth_fatal("ssh_ecdsa_verify: ECDSA_SIG_new failed");
+ 
+     pamsshagentauth_buffer_init(&b);
+     pamsshagentauth_buffer_append(&b, sigblob, len);
+ #if OPENSSL_VERSION_NUMBER < 0x10100005L
+     if ((pamsshagentauth_buffer_get_bignum2_ret(&b, sig->r) == -1) ||
+         (pamsshagentauth_buffer_get_bignum2_ret(&b, sig->s) == -1))
++        pamsshagentauth_fatal("ssh_ecdsa_verify:"
++            "pamsshagentauth_buffer_get_bignum2_ret failed");
+ #else
+-    DSA_SIG_get0(sig, &r, &s);
++    if ((r = BN_new()) == NULL)
++        pamsshagentauth_fatal("ssh_ecdsa_verify: BN_new failed");
++    if ((s = BN_new()) == NULL)
++        pamsshagentauth_fatal("ssh_ecdsa_verify: BN_new failed");
+     if ((pamsshagentauth_buffer_get_bignum2_ret(&b, r) == -1) ||
+         (pamsshagentauth_buffer_get_bignum2_ret(&b, s) == -1))
+-#endif
+         pamsshagentauth_fatal("ssh_ecdsa_verify:"
+             "pamsshagentauth_buffer_get_bignum2_ret failed");
++    if (ECDSA_SIG_set0(sig, r, s) != 1)
++        pamsshagentauth_fatal("ssh_ecdsa_verify: ECDSA_SIG_set0 failed");
++#endif
+ 
+     /* clean up */
+     memset(sigblob, 0, len);